BugTraq
Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible Mar 24 2003 01:25AM
Rizan Sheikh Mohd (sheikhrizan rocketmail com)
In-Reply-To: <1779CE9992706F45BDC9575124A5AAE50122188A@a0001-xpo0114-s.hodc.ad.allstate.com>

Not exactly, 'cause I have CPK FW-1 NG FP2 Build 52163. The logging server &
management are separated. It seems that syslog is running on port 514/udp:

$ ps -aef | grep syslog
root 7239 7231 0 Mar23 ? 00:00:01 syslog 514 all

Maybe the wording Checkpoint used on their web site,
"Prior to the release of NG FP3 HF2.......", really does include ALL
releases before FP3.

Rizan

>From: "Hines, Eric" <ehin4 (at) allstate (dot) com>
>To: dchesterfield (at) bankofny (dot) com
>Subject: RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>Date: Fri, 21 Mar 2003 12:59:20 -0600

>

>Alright. I was just concerned because of the wording Checkpoint used on
>their web site.
>"Prior to the release of NG FP3 HF2......."
>
>I'm going to assume they were referring to the HF2 portion of that, and not
>< FP3
>
>Eric Hines
>

>-----Original Message-----
>From: dchesterfield (at) bankofny (dot) com [mailto:dchesterfield (at) bankofny (dot) com]
>Sent: Friday, March 21, 2003 12:53 PM
>To: Hines, Eric
>Cc: Maillist Bugtraq; Dr. Peter Bieringer
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>The daemon was apparently only introduced since FP3
>

>"Hines, Eric" <ehin4 (at) allstate (dot) com>
>To: "Dr. Peter Bieringer" <pbieringer (at) aerasec (dot) de>, Maillist Bugtraq <bugtraq (at) securityfocus (dot) com>
>cc:
>21/03/2003 06:31 pm
>Subject: Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>

>Has anyone tested these vulnerabilities on NG FP1 or are they strictly
>related to FP3?
>
>Eric Hines
>

>-----Original Message-----
>From: Dr. Peter Bieringer [mailto:pbieringer (at) aerasec (dot) de]
>Sent: Friday, March 21, 2003 6:47 AM
>To: Maillist Bugtraq; Maillist full-disclosure
>Subject: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
>
>Hi all,
>
>interesting for all Check Point FW-1 NG users who have enabled the
>syslog daemon included since FP3.
>
